blob: 2ff4c50d8e1378c7b65ed2d02c46ae8158bf71bb [file] [log] [blame]
Adrià Vilanova Martínezf19ea432024-01-23 20:20:52 +01001# Copyright 2018 The Chromium Authors
2# Use of this source code is governed by a BSD-style license that can be
3# found in the LICENSE file.
Copybara854996b2021-09-07 19:36:02 +00004
5from __future__ import print_function
6from __future__ import division
7from __future__ import absolute_import
8
9RESTRICT_VIEW_PATTERN = 'restrict-view-%'
10
11
12def GetPersonalAtRiskLabelIDs(
13 cnxn, user, config_svc, effective_ids, project, perms):
14 """Return list of label_ids for restriction labels that user can't view.
15
16 Args:
17 cnxn: An instance of MonorailConnection.
18 user: User PB for the signed in user making the request, or None for anon.
19 config_svc: An instance of ConfigService.
20 effective_ids: The effective IDs of the current user.
21 project: A project object for the current project.
22 perms: A PermissionSet for the current user.
23 Returns:
24 A list of LabelDef IDs the current user is forbidden to access.
25 """
26 if user and user.is_site_admin:
27 return []
28
29 at_risk_label_ids = []
30 label_def_rows = config_svc.GetLabelDefRowsAnyProject(
31 cnxn, where=[('LOWER(label) LIKE %s', [RESTRICT_VIEW_PATTERN])])
32
33 for label_id, _pid, _rank, label, _docstring, _hidden in label_def_rows:
34 label_lower = label.lower()
35 needed_perm = label_lower.split('-', 2)[-1]
36
37 if not perms.CanUsePerm(needed_perm, effective_ids, project, []):
38 at_risk_label_ids.append(label_id)
39
40 return at_risk_label_ids